Private Apps

You can automatically protects private apps behind a login prompt. In order to achieve this, you'll need to:

1. Add an email field to your global config

   // ~/.config/smallweb/config.json
   {
       "email": "[email protected]"
   }
   

2. Set the private field to true in your app's config.

   // ~/smallweb/private-app/smallweb.json
   {
       "private": true
   }
   

The next time you'll try to access the app, you'll be prompted with a login screen (provided by lastlogin.net).

Additionaly, you can generate tokens for non-interactive clients using the smallweb token create command.

smallweb token create --description "CI/CD pipeline"

Then, you can pass this token in the Authorization header of your requests.

curl https://private-app.smallweb.run -H "Authorization: Bearer <token>"

or alternatively, use the basic auth username.

curl https://private-app.smallweb.run -u "<token>"

# or
curl https://<token>@private-app.smallweb.run

If your app is public, but you still want to protect some routes, you can use the privateRoutes field in your app's config.

// ~/smallweb/private-app/smallweb.json
{
    "privateRoutes": ["/private/*"]
}

There is also a publicRoutes field that you can use to protect all routes except the ones listed.

{
    "private": true,
    "publicRoutes": ["/public/*"]
}